Monthly Archives: December 2013

http://www.wired.com/threatlevel/2013/12/nsa-hacking-catalogue/

By Kim Zetter
Threat Level
Wired.com
12.30.13

While most Americans spend their time shopping Amazon, Target and Apple.com, the National Security Agency’s elite team of hackers spends its time shopping a secret high-end catalog of custom tools designed to subvert firewalls, servers, and routers made by U.S. firms, impersonate a GSM base station to intercept mobile phone calls, or siphon data from a wireless network. Hackers in the Tailored Access Operations division get the “ungettable” data the NSA can’t otherwise obtain from tapping undersea cables or collecting bulk data from companies like Yahoo and Google. They do this by installing backdoors and other implants remotely or by physically intercepting hardware being delivered to customers and planting backdoors in firmware, der Spiegel reports, citing newly disclosed documents from NSA whistleblower Edward Snowden. “For nearly every lock, ANT seems to have a key in its toolbox,” der Spiegel writes. “And no matter what walls companies erect, the NSA’s specialists seem already to have gotten past them.” With names like PICASSO, IRATEMONKEY, COTTONMOUTH, and WATERWITCH, the various tools allow NSA snoops to map networks and not only monitor data but surreptitiously divert it or modify it. […]

http://www.computerworld.com/s/article/9245053/Target_confirms_customer_PINs_were_taken_in_breach_maintains_data_is_safe

By Chris Kanaracus
IDG News Service
December 27, 2013

Target has confirmed that hackers obtained customer debit card PINs (personal identification numbers) in the massive data breach suffered by the retailer during the busy holiday shopping season, but says customers should be safe, as the numbers were encrypted. Some 40 million customer debit and credit cards were affected by the breach, but until now it wasn’t clear that PINs were part of the hackers’ massive haul. “While we previously shared that encrypted data was obtained, this morning through additional forensics work we were able to confirm that strongly encrypted PIN data was removed,” Target said in a statement on its website Friday. “We remain confident that PIN numbers are safe and secure. The PIN information was fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems.” When Target customers use their debit cards, the PIN is secured with Triple DES encryption at the checkout keypads, according to the statement. “Target does not have access to nor does it store the encryption key within our system,” it adds. “The PIN information is encrypted within Target’s systems and can only be decrypted when it is received by our external, independent payment processor. What this means is that the ‘key’ necessary to decrypt that data has never existed within Target’s system and could not have been taken during this incident.” […]

http://www.defenseone.com/threats/2013/12/china-top-foreign-investor-us-firms-critical-national-security/75899/

By Tim Fernholz
Quartz
December 23, 2013

China overtook the United Kingdom last year as the country that received the most scrutiny of its US investments, according to the US government. The Committee on Foreign Investment in the US (CFIUS) is charged with reviewing mergers, acquisitions, and other transactions where a foreign entity might take control of a US firm that makes “critical technology,” provides services to the government or military, accesses classified information, or might otherwise provide malicious actors with some way to hurt the US. Since 2010, CFIUS has reviewed 318 proposed transactions, most of which were in the manufacturing sector; 40 were withdrawn after reviews began. President Obama only weighed in on one decision, terminating a transaction where a Chinese-controlled corporation could build a wind farm near a US naval weapons research facility. The increase in attention to China likely reflects growing investment, not a pattern of targeting sensitive businesses, the declassified report suggests. But it is notable that among the top ten economies investing in firms covered by CFIUS, China is the only one that is not explicitly a US ally. […]

http://www.darkreading.com/attacks-breaches/attackers-wage-network-time-protocol-bas/240165063

By Kelly Jackson Higgins
Dark Reading
December 30, 2013

Attackers have begun exploiting an oft-forgotten network protocol in a new spin on distributed denial-of-service (DDoS) attacks, as researchers spotted a spike in so-called NTP reflection attacks this month. The Network Time Protocol, or NTP, syncs time between machines on the network, and runs over port 123 UDP. It’s typically configured once by network administrators and often is not updated, according to Symantec, which discovered a major jump in attacks via the protocol over the past few weeks. “NTP is one of those set-it-and-forget-it protocols that is configured once and most network administrators don’t worry about it after that. Unfortunately, that means it is also not a service that is upgraded often, leaving it vulnerable to these reflection attacks,” says Allan Liska, a Symantec researcher in a blog post last week. Attackers appear to be employing NTP for DDoSing similar to the way DNS is being abused in such attacks. They transmit small spoofed packets requesting a large amount of data sent to the DDoS target’s IP address. According to Symantec, it’s all about abusing the so-called “monlist” command in an older version of NTP. Monlist returns a list of the last 600 hosts that have connected to the server. “For attackers the monlist query is a great reconnaissance tool. For a localized NTP server it can help to build a network profile. However, as a DDoS tool, it is even better because a small query can redirect megabytes worth of traffic,” Liska explains in the post. […]

http://news.techworld.com/security/3495137/bbc-server-took-over-by-russian-cybercriminal/

By Sam Shead
Techworld
30 December 2013

A Russian hacker gained access to a BBC server over the Christmas period and attempted to sell access to it to other cybercriminals, reports suggest. US firm Hold Security told Reuters and the Financial Times that it had spotted the hacker advertising the exploit on an underground cybercrime forum. The BBC’s security team responded to the incident on Saturday and told Reuters that they have since secured the site. However, it’s not clear whether a sale was made before the exploit was addressed. The media organisation refused to discuss the breach, claiming that it does not comment on security issues. […]

    # We strongly recommend the following be uncommented to protect innocent
    # web applications running on the proxy server who think the only
    # one who can access services on .localhost. is a local user
    #http_access deny to_localhost

Merry Holidays to everyone reading InfoSec News! In the coming days as we enjoy our holiday festivities with friends and family, I ask that you take the time to remember the soldiers, support workers, and security personnel that work tirelessly to protect us. For as long as I can remember, there have always been members of the Armed Forces working on Christmas in places so far removed from the comfort and safety of their homes, and this year is no exception. As you and I open presents, these brave men and women have only the memories of holidays past to get them through the season. As we prepare for our own holiday celebrations, the staff of InfoSec News will take the time to reflect on all those who work to serve us so valiantly and all those who made the greatest sacrifice of all to guarantee our freedom. One doesn’t need to be a Christian to enjoy the message of the season. Have a safe, secure and happy holiday. Best wishes for a happy and healthy new year!

William Knowles
InfoSec News
www.infosecnews.org

http://www.csoonline.com/article/744905/inside-knowledge-likely-in-target-breach-experts-say

By Antone Gonsalves
csoonline.com
December 19, 2013

The Target security breach that left millions of debit and credit card holders at risk of becoming victims of fraud left experts pondering the question of how such a massive theft might have occurred. Theories varied, but the scant details released by the retailer Thursday left some experts believing the criminals had to have some inside knowledge of the company’s point-of-sale system in order to compromise it so effectively. Either people inside the organization were involved or, “at the very least, (the thieves) had sophisticated knowledge and a clear understanding of the cardholder data flows, in order to pinpoint where to steal this very specific data and then exfiltrate it,” Mark Bower, director of information protection solutions at Voltage Security, said. Target reported Thursday that card data, including customer name, credit or debit card number and the card’s expiration date and CVV code, had been stolen from 40 million accounts used for shopping between Nov. 27 and Dec. 15. The CVV code is the three-digit security number found on the back of cards. […]
